eBay Hacked, 145 Million Accounts Compromised

eBay, the second largest e-commerce retailer in the world with over 145 million active customers, announced that their database has been hacked in a recent press release.

eBay revealed that attackers compromised a part of a customer database that included emails, physical addresses, encrypted passwords and dates of birth, in a cyber attack between late February and early March. eBay confirmed that no finical information such as credit cards or any of PayPal’s information had been compromised in the attack.

The company stated, “after conducting extensive tests on its networks” eBay found no unauthorized access of user accounts. However, as a security precaution, eBay will be changing users passwords for it will “help enhance security for eBay users.”

eBay waited over two weeks to tell customers about the data breach. eBay stated they conducted a forensic investigation of its computers to identify the extent of the attack and found hackers compromised employee accounts to gain access to the servers. “Cyber attackers compromised a small number of employee login credentials, allowing unauthorized access to eBay’s corporate network,” the company said in a statement.

They detected unauthorized access to employee logins two weeks ago and is “working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers.”

eBay spokeswoman Amanda Miller told Reuters that the company has hired FireEye Inc’s Mandiant forensics division to help further investigate the attack.

It is highly recommended all eBay users reset their password, it’s speculated hackers have not gained access to keys to decrypt the data, but the possibilities are endless.

Cyber security experts note this could be the second largest data breach in history to hit a U.S. company, based on the number records accessed by the hackers. The largest attack was uncovered in October 2013, Abode Systems Inc had a critical data breach where hackers access about 152 million customer accounts.